feat: apply keywords for gitleaks (#230)

Keywords are important:
> Keywords are used for pre-regex check filtering. Rules that contain
keywords will perform a quick string compare check to make sure the
keyword(s) are in the content being scanned.

Without keywords, any "40 characters" string will considered as an
"aws-secret-key" for example.

README.md

@@ -147,49 +147,49 @@ Scan command arguments and global flags can be passed either as flags in the sca
 We've built the `2ms` command line interface to be as self-descriptive as possible. This is the help message that is shown when you execute `2ms` without args:
 
 <!-- command-line:start -->
-
-```text
-2ms Secrets Detection: A tool to detect secrets in public websites and communication services.
-
-Usage:
-  2ms [command]
-
-Scan Commands
-  confluence  Scan Confluence server
-  discord     Scan Discord server
-  filesystem  Scan local folder
-  git         Scan local Git repository
-  paligo      Scan Paligo instance
-  slack       Scan Slack team
-
-Additional Commands:
-  completion  Generate the autocompletion script for the specified shell
-  help        Help about any command
-  rules       List all rules
-
-Flags:
-      --add-special-rule strings      special (non-default) rules to apply.
-                                      This list is not affected by the --rule and --ignore-rule flags.
-      --config string                 config file path
-  -h, --help                          help for 2ms
-      --ignore-on-exit ignoreOnExit   defines which kind of non-zero exits code should be ignored
-                                      accepts: all, results, errors, none
-                                      example: if 'results' is set, only engine errors will make 2ms exit code different from 0 (default none)
-      --ignore-result strings         ignore specific result by id
-      --ignore-rule strings           ignore rules by name or tag
-      --log-level string              log level (trace, debug, info, warn, error, fatal) (default "info")
-      --max-target-megabytes int      files larger than this will be skipped.
-                                      Omit or set to 0 to disable this check.
-      --regex stringArray             custom regexes to apply to the scan, must be valid Go regex
-      --report-path strings           path to generate report files. The output format will be determined by the file extension (.json, .yaml, .sarif)
-      --rule strings                  select rules by name or tag to apply to this scan
-      --stdout-format string          stdout output format, available formats are: json, yaml, sarif (default "yaml")
-      --validate                      trigger additional validation to check if discovered secrets are active or revoked
-  -v, --version                       version for 2ms
-
-Use "2ms [command] --help" for more information about a command.
-```
-
+
+```text
+2ms Secrets Detection: A tool to detect secrets in public websites and communication services.
+
+Usage:
+  2ms [command]
+
+Scan Commands
+  confluence  Scan Confluence server
+  discord     Scan Discord server
+  filesystem  Scan local folder
+  git         Scan local Git repository
+  paligo      Scan Paligo instance
+  slack       Scan Slack team
+
+Additional Commands:
+  completion  Generate the autocompletion script for the specified shell
+  help        Help about any command
+  rules       List all rules
+
+Flags:
+      --add-special-rule strings      special (non-default) rules to apply.
+                                      This list is not affected by the --rule and --ignore-rule flags.
+      --config string                 config file path
+  -h, --help                          help for 2ms
+      --ignore-on-exit ignoreOnExit   defines which kind of non-zero exits code should be ignored
+                                      accepts: all, results, errors, none
+                                      example: if 'results' is set, only engine errors will make 2ms exit code different from 0 (default none)
+      --ignore-result strings         ignore specific result by id
+      --ignore-rule strings           ignore rules by name or tag
+      --log-level string              log level (trace, debug, info, warn, error, fatal) (default "info")
+      --max-target-megabytes int      files larger than this will be skipped.
+                                      Omit or set to 0 to disable this check.
+      --regex stringArray             custom regexes to apply to the scan, must be valid Go regex
+      --report-path strings           path to generate report files. The output format will be determined by the file extension (.json, .yaml, .sarif)
+      --rule strings                  select rules by name or tag to apply to this scan
+      --stdout-format string          stdout output format, available formats are: json, yaml, sarif (default "yaml")
+      --validate                      trigger additional validation to check if discovered secrets are active or revoked
+  -v, --version                       version for 2ms
+
+Use "2ms [command] --help" for more information about a command.
+```
+
 <!-- command-line:end -->
 
 ### Configuration File

engine/engine.go

@@ -43,12 +43,15 @@ func Init(engineConfig EngineConfig) (*Engine, error) {
 	}
 
 	rulesToBeApplied := make(map[string]config.Rule)
+	keywords := []string{}
 	for _, rule := range *selectedRules {
-		// required to be empty when not running via cli. otherwise rule will be ignored
-		rule.Rule.Keywords = []string{}
 		rulesToBeApplied[rule.Rule.RuleID] = rule.Rule
+		for _, keyword := range rule.Rule.Keywords {
+			keywords = append(keywords, strings.ToLower(keyword))
+		}
 	}
 	cfg.Rules = rulesToBeApplied
+	cfg.Keywords = keywords
 
 	detector := detect.NewDetector(cfg)
 	detector.MaxTargetMegaBytes = engineConfig.MaxTargetMegabytes